5ef0de0f591da514db7a554a6a60a27d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ef0de0f591da514db7a554a6a60a27d_JaffaCakes118
Size

110KB
MD5

5ef0de0f591da514db7a554a6a60a27d
SHA1

cc0d5a3b2a7eb4607f5c2b61a94fcbbb0edcebec
SHA256

a4ba94311eeb6a3f4f200490487c76ab3d8e8913d661078ffbb368d123bef821
SHA512

2503aa135a1861551b82fd3db673d9553768a87340149ca6fbb644408b3544cc10dad0e0510d5b64a1d02cf3b3da76f4b2d48e9129237cf5aba4f34c437a7d7b
SSDEEP

3072:l8QAVhEiDa4Z64IOOCEKpV9PZJWdDzp5tXXHP69E7PRlP:lITOCEKL9PZ0dDzlXXHPB7PR1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/satellites.xml Editor.exe

Files

5ef0de0f591da514db7a554a6a60a27d_JaffaCakes118
.zip
satellites.xml Editor.exe
.exe windows:4 windows x86 arch:x86

0cb24ee39392158bd522e23c1c6a6138

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
CloseHandle
CreateFileA
lstrlenA
lstrcatA
lstrcpyA
GetVersionExA
GetModuleFileNameA
GlobalAlloc
GetLastError
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CopyFileA
GetSystemDirectoryA
SetFileTime
ReadFile
GetTempPathA
GetFileSize
LocalFree
SetFilePointer
LockResource
LoadResource
SizeofResource
FindResourceA
GetTickCount
WaitForSingleObject
ExitProcess
CreateDirectoryA
GetWindowsDirectoryA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
GetCurrentDirectoryA
LocalAlloc
GlobalFree
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LoadLibraryA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetCurrentProcess
HeapAlloc
HeapFree
GetProcAddress
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile

user32

SetDlgItemTextA
GetDlgItem
UpdateWindow
wsprintfA
MessageBoxA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

shlwapi

StrRChrA
StrStrIA

shell32

ShellExecuteA
ShellExecuteExA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
www.zackyfiles.net.txt

Sharing

General

Malware Config

Signatures

Files

0cb24ee39392158bd522e23c1c6a6138

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 76KB - Virtual size: 75KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 76KB - Virtual size: 75KB